Data Domain: Self-signed https certificates are presented instead of imported certificates

Summary: Recent Data Domain Operating System (DDOS) versions experience an issue in which Data Domain fails to present a valid externally signed HTTPS certificate. Instead, it defaults to self-signed. The system then prioritizes the default self‑signed certificate. ...

This article applies to This article does not apply to This article is not tied to any specific product. Not all product versions are identified in this article.
Check out other resources

Symptoms

Affected versions:

  • DDOS 8.3.1.20
  • DDOS 8.6.0.0
  • DDOS 7.13.1.60

Cause

A registration key is not being set correctly during the certificate import process.

The registration key that controls if the DDOS uses an external certificate or not is: config_master.comm.ext.selfsigned

You can check the current value from the Data Domain Command Line Interface.

For example:

sysadmin@dd# reg show config_master.comm.ext.selfsigned
config_master.comm.ext.selfsigned = false


Example of Data Domain with self-signed certificates (not imported):

sysadmin@dd# adminaccess certificate show
Subject                Type   Application   Valid From                 Valid Until                Fingerprint
--------------------   ----   -----------   ------------------------   ------------------------   -----------------------------------------------------------
dd.local.machine   host   https         Tue Jan 20 12:29:48 2026   Sat Feb 20 12:29:48 2027   80:91:75:9B:E2:B1:21:6F:FD:1D:47:E3:A2:C5:9D:99:F7:BD:AB:4A
dd.local.machine   ca     trusted-ca    Thu Feb 20 12:29:48 2025   Wed Feb 19 12:29:48 2031   B6:19:D5:E3:F5:15:FB:B0:39:80:33:F9:A9:86:BE:93:DB:D7:CA:B0
--------------------   ----   -----------   ------------------------   ------------------------   -----------------------------------------------------------

In this example config_master.comm.ext.selfsigned should be TRUE.
 

Example of Data Domain with externally signed certificates (imported):

sysadmin@dd# adminaccess certificate show
Subject                Type            Application   Valid From                 Valid Until                Fingerprint
--------------------   -------------   -----------   ------------------------   ------------------------   -----------------------------------------------------------
dd.local.machine   host            https*        Tue Jan 20 12:29:48 2026   Sat Feb 20 12:29:48 2027   80:91:75:9B:E2:B1:21:6F:FD:1D:47:E3:A2:C5:9D:99:F7:BD:AB:4A
dd.local.machine   ca              trusted-ca    Thu Feb 20 12:29:48 2025   Wed Feb 19 12:29:48 2031   B6:19:D5:E3:F5:15:FB:B0:39:80:33:F9:A9:86:BE:93:DB:D7:CA:B0
dd.local.machine       imported-host   https         Tue Jan 20 18:00:00 2026   Sun Feb 21 17:59:59 2027   99:14:66:93:51:22:E3:B0:52:3A:29:09:50:EE:C9:F1:EB:23:B4:76
--------------------   -------------   -----------   ------------------------   ------------------------   -----------------------------------------------------------

 In this example config_master.comm.ext.selfsigned should be FALSE.

Resolution

The correct Data Domain registry settings are:

  • If the DD self‑signed HTTPS certificate is being used, the config_master.comm.ext.selfsigned value must be set to TRUE.

  • If an externally signed HTTPS certificate has been imported, then config_master.comm.ext.selfsigned must be set to FALSE

If your current configuration as shown on: adminaccess certificate show does not match the registry value, open a support ticket and reference this article.

Additional Information

https://jira.cec.lab.emc.com/browse/DDOSCFD-29328
https://jira.cec.lab.emc.com/browse/DDOSCFD-29834

 

Affected Products

Data Domain
Article Properties
Article Number: 000431698
Article Type: Solution
Last Modified: 03 Mar 2026
Version:  2
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.